Applies to: VisualSVN Server 5.1 and later
All the system permissions that are needed for VisualSVN Server to function properly are automatically configured by its installer. To get VisualSVN Server to run, manual adjustment of system permissions is not required in the vast majority of cases.
This article lists several cases that are exceptions, where you may need to manually configure system permissions:
- on the Repositories Root directory;
- on the VisualSVN Server's installation directory and on its parent directories.
Manually granting permissions on the Repositories Root directory
You may need to manually adjust system permissions on the Repositories Root directory in the following situations:
- when the Repositories Root directory is stored remotely (on a network share), on a different computer than the one that runs VisualSVN Server.
- when the Repositories Root directory is stored locally, but for any reason you prefer to keep the Automatically adjust permissions option disabled in VisualSVN Server's Storage settings.
Required permissions for the Repositories Root directory
In the above-mentioned cases that require manually granting permissions, grant the permissions specified in the table. Also, see the sections below for details on setting these permissions.
Object | Whom to grant | Permission |
---|---|---|
Repositories Root directory* |
Services:
Other:
|
NTFS permission:
Share permission:** |
*By default, the location of the Repositories Root directory is:
C:\Repositories
, unless you have changed it during the
installation or later in the VisualSVN Server's Storage settings.
**Share permissions are needed only when storing repositories remotely (in a shared folder).
Manual configuration if Repositories Root is on a network share
In case of storing repositories remotely (on a network share), you will need to manually grant two types of access permissions on the remote Repositories Root directory: NTFS permissions and Share permissions.
On the remote Repositories Root directory, grant the permissions listed in the table above as follows:
- To grant access to VisualSVN Server services that run under the Network Service account (which is their default), grant permissions to the Computer account of the computer that runs VisualSVN Server. Services running under the Network Service account authenticate to remote network resources as the Computer that they run on.
- If you have configured any VisualSVN Server services to run under a dedicated (i.e. non-default) logon account, grant permissions to this dedicated account. In this case, the dedicated logon account must be a domain user account, not a local user account.
- Grant permissions to domain administrators and to any non-admin domain users whom you want to be able to manage your VisualSVN Server.
For more detailed instructions on how to grant the permissions listed for this case, see the section titled Configure required access permissions in the article KB22: Storing repositories on a network share.
Manual adjustment on Repositories Root when automatic adjustment is disabled
When the Repositories Root directory is local, but you want to keep automatic permission adjustment disabled, you can manually grant the permissions listed in the table above directly to specific VisualSVN Server services by using their Service Security Identifiers (Service SIDs).
NT
SERVICE\<service_name>
, for example: NT
SERVICE\VisualSVNServer
. Note that Service SIDs are local to the
computer running the service, so if you are setting permissions in Windows
File Explorer, make sure that when entering an account name you've
selected the local computer in the Locations.
Manually granting permissions on the installation directory and its parents
You may need to manually adjust NTFS permissions on the installation directory of VisualSVN Server and on the parent directories of this installation directory in the following situations:
-
In some cases, when installing VisualSVN Server to a non-default
location (for example, to
D:\Applications\VisualSVN Server\
). - If you configured the VisualSVN HTTP Service to run under a dedicated (non-default) logon account.
In all other cases VisualSVN HTTP Service will have the required permissions automatically, due to the fact that its default logon account (the Network Service account) has the required permissions.
Required permissions for the installation directory and its parents
In the above-mentioned cases that require manually granting permissions, grant the permissions specified in the table. Also, see the sections below for details on setting these permissions.
Object | Whom to grant | Permission |
---|---|---|
VisualSVN Server installation directory | VisualSVNServer (VisualSVN HTTP Service) |
NTFS permission: 'Read & execute' |
Parent directories of the VisualSVN Server installation directory* | VisualSVNServer (VisualSVN HTTP Service) |
NTFS permission: 'Read & execute' (non-recursive is sufficient) |
*This includes all the parent directories of the installation directory, up to and including the disk volume. For example, by default, the VisualSVN Server installation directory and its parents are:
C:\Program Files\VisualSVN Server
C:\Program Files
C:\
Manual adjustment due to a dedicated logon account for VisualSVN HTTP Service
If you configured VisualSVN HTTP Service to run under a dedicated (non-default) logon account, grant the permissions listed in this section's table to this dedicated logon account. For complete instructions on how to set up VisualSVN HTTP Service to run under a dedicated account, see KB24: Configuring VisualSVN HTTP Service to run under a dedicated user account.
Manual configuration due to a non-default installation location
When installing VisualSVN Server to a non-default location, if VisualSVN HTTP Service fails to start during or after the installation, grant the permissions listed in this section's table either to the Network Service account (which is the default service logon account of VisualSVN HTTP Service) or directly to the Service SID of VisualSVN HTTP Service. The latter option is suitable if you have not canceled the installation.
NT
SERVICE\<service_name>
, for example: NT
SERVICE\VisualSVNServer
. Note that Service SIDs are local to the
computer running the service, so if you are setting permissions in Windows
File Explorer, make sure that when entering an account name you've
selected the local computer in the Locations.